By the end of this tutorial, you'll have walked through a complete Enhanced Customer Due Diligence (ECDD) process in BNDRY — from the moment a trigger is identified to the point where the Workspace is resolved and the entity's record is updated. You'll understand which parts of the platform are involved at each stage, what moves between them, and what the finished process looks like as an auditable record.
We'll follow one canonical path end to end. The details of your organisation's AML/CTF programme will vary, but the shape of the process in BNDRY is the same every time.
Before you start
Before working through this tutorial, make sure the following are in place:
- You have access to BNDRY with a role that allows you to open Workspaces and run automations. If you're unsure, check with your administrator.
- The entity you'll be working with already exists in BNDRY as an Individual, Company, or Trust record.
- Your tenant has at least one ECDD form template configured. If it hasn't been set up yet, contact your BNDRY administrator.
- If you'd like background on why ECDD is a regulatory requirement before diving in, AUSTRAC's guidance is a useful starting point.
One Workspace per ECDD. Each time you conduct ECDD on an entity, you create a new Workspace for that specific process. A Workspace represents a single investigation or review instance — not an ongoing relationship. Over time, an entity will accumulate multiple ECDD Workspaces, each one a self-contained record of a single review. All of them remain visible from the entity profile.
Phase 1 — Identify the trigger and locate the entity
Every ECDD begins with a recognised trigger. Your organisation's AML/CTF programme defines exactly what these are, but common ones include:
- A risk rating escalating to High
- A PEP or Sanctions match identified during screening
- An Unusual Activity Report (UAR) investigation being opened, or a Suspicious Matter Report (SMR) submitted
- A material change to the entity's profile — ownership, tier, location
- A periodic OCDD review falling due for a High-Risk entity
Open the entity's profile in BNDRY. Before you go any further, take a moment to review what's already there: their current risk rating, any prior screening results, linked entities such as directors or ultimate beneficial owners (UBOs), and the history of prior compliance activities. This context — prior ECDDs, open investigations, verification outcomes — is what makes the entity profile the operational centre of the process. You're not starting from scratch; you're adding to an accumulating record.
Phase 2 — Open an ECDD Workspace
From the entity profile, open a new Workspace and select your ECDD form template. Give the Workspace a name that identifies the process — most teams include the trigger type and the date, such as "ECDD — PEP match — June 2026".
The Workspace is now the container for this specific ECDD process. Forms completed and documents collected here are linked to this entity and retained as part of the audit trail.
Set the Workspace status to In Progress. If other team members need to collaborate on this review, they can access the Workspace directly. Workspace statuses give everyone a shared view of where the process is up to.
Phase 3 — Run the research and verification automations
Before filling out any forms, run the automated checks relevant to your ECDD process from the entity profile. These give your team the information they need to make an informed assessment and ensure that the record reflects the current state of the entity at the time of the review.
The automations most commonly used during ECDD are:
| Automation | What it does in an ECDD context | Where the result goes |
|---|---|---|
| PEP and Sanctions screening | Checks the entity against global PEP lists, sanctions lists, adverse media, and regulatory enforcement datasets. Runs against individuals, companies, and trusts. | Activity Log on the entity; screening tags applied |
| Agentic Identity Research | An AI-powered automation that searches the web for adverse media and PEP information beyond structured data providers. Returns summarised findings with source links — useful when you need to go deeper than a standard screening check. | Structured research summary stored as an Activity Log |
| Document Verification (DVS) | Re-verifies the entity's Australian government-issued identity documents — passports, driver licences, Medicare cards, birth certificates — against the Document Verification Service. | Verification result logged as an Activity on the entity |
| Company Verification (KYB) | For company or trust entities, verifies against ASIC, CreditorWatch, and GBG datasets. Retrieves ownership structure, registration details, and directorship information to confirm UBOs and disclosed business relationships. | Business verification extract stored against the entity; linked individual entities updated |
Each automation result writes back to the entity's Activity Log as a structured, timestamped record. You don't need to manually save or copy results anywhere — they're captured automatically and will be visible on the entity profile long after this Workspace is resolved.
Agentic Identity Research is an early-release feature. Contact your BNDRY administrator or the BNDRY team to enable it for your tenant.
Phase 4 — Collect information through the Workspace forms
With the automated checks done, your team works through the ECDD forms inside the Workspace. These forms are where the substantive assessment happens — capturing findings, attaching evidence, and recording the team's conclusions.
A typical ECDD form set covers:
- Source of Wealth — how and where the entity has accumulated assets over time
- Source of Funds — the origin of funds for a specific transaction or time period
- Supporting documentation — file uploads such as payslips, tax returns, business records, or property documents
- Investigation context — any UAR investigation or SMR that forms part of the trigger
- Compliance team findings — the team's assessment and determination
If some of this information needs to come directly from the entity, use BNDRY's external portal. Generate a temporary access link from the Workspace, specify which forms the entity should see, set an expiry time, and send it. The entity opens a branded, secure portal — no account required — and submits the information directly. Their submission routes back into the Workspace and is stored against the entity profile.
Any organisation-specific data points that sit outside the standard form fields — internal risk category designations, tier classifications, or programme-specific flags — can be captured using Custom Fields on the entity profile. Custom Fields are configured at the tenant level and group into named sections on the profile.
Phase 5 — Record the determination and resolve the Workspace
Once the forms are complete and the team has reviewed the findings, record the outcome. This typically means:
- Updating the entity's risk rating to reflect the conclusion of the review — in most cases this will confirm or move the entity to High Risk
- Completing any custom fields relevant to the determination
- Setting the Workspace status to Resolved
Resolving the Workspace closes this ECDD instance. The record — every form submission, every document collected, every status change — is now permanently attached to the entity profile with full timestamps and user attribution.
The entity's Activity Log is the first place to look when preparing for an audit or reviewing what was done during an ECDD. It shows a chronological feed of everything logged during the process — check runs, form submissions, and more — all in one place.
What you've learned
You've walked through the shape of a complete ECDD process in BNDRY. You know that the entity profile is the anchor — everything starts and ends there. You know that each ECDD gets its own Workspace, that automated checks are run from the entity profile and their results accumulate on it, that the Workspace holds the forms and documents for this specific review, that the external portal handles information requests without email, and that resolving the Workspace produces an auditable record that compounds over time. That's the full loop. Every ECDD you run in BNDRY follows the same shape.
See also
These articles cover the individual BNDRY features used throughout this process in more depth.
Comments
0 comments
Article is closed for comments.